This is used to remove OP_CODE_SEPARATOR codes and signatures. So from what I can tell the OP_CODE_SERPARATOR codes are just removed if they match the next operator in the loop. For signatures, how do they match? Do the signatures have to match the entire push operation? It seems like it may also match signatures if they come after each other in a push operation like:

So it would match if the signature repeats like that? Or would it only match the first one? Also it seems to me that data in front of the signature would cause the signature not to be removed. Any data after the signature is ignored. Is this right?

You see the look where I create the script_code object? It loops from the last codehash position until the end of all the operations, skipping the signature or any codeseparators. Everything else is pushed to the new script object which is then used for the check_signature function.

I would suggest not copying Bitcoin's representation of scripts and instead store the parse tree for scripts. It makes it much easier for the user from an API perspective. Just remember that coinbases are unparsable so you'll need either a special script type or opcode for a raw_script (which is uninterpretable).